Move bpf string retrieval to it's own function. Clean up pcap sourcres a bit.

15 years ago · e0aacac4c6
parent ba46c16aac
commit e0aacac4c6
4 changed files with 68 additions and 51 deletions
--- a/src/runmodes.c
+++ b/src/runmodes.c
@ -740,7 +740,7 @@ int RunModeIpsNFQ(DetectEngineCtx *de_ctx, char *nfq_id) {
 }

 int RunModeFilePcap(DetectEngineCtx *de_ctx, char *file) {
-    printf("RunModeFilePcap: file %s\n", file);
+    SCLogDebug("file %s", file);
    TimeModeSetOffline();

    /* create the threads */
--- a/src/source-pcap-file.c
+++ b/src/source-pcap-file.c
@ -45,7 +45,7 @@ typedef struct PcapFileThreadVars_
    Packet *in_p;
 } PcapFileThreadVars;

-static PcapFileGlobalVars pcap_g = { NULL, NULL, 0, };
+static PcapFileGlobalVars pcap_g;

 TmEcode ReceivePcapFile(ThreadVars *, Packet *, void *, PacketQueue *);
 TmEcode ReceivePcapFileThreadInit(ThreadVars *, void *, void **);
@ -56,6 +56,8 @@ TmEcode DecodePcapFile(ThreadVars *, Packet *, void *, PacketQueue *);
 TmEcode DecodePcapFileThreadInit(ThreadVars *, void *, void **);

 void TmModuleReceivePcapFileRegister (void) {
+    memset(&pcap_g, 0x00, sizeof(pcap_g));
+
    tmm_modules[TMM_RECEIVEPCAPFILE].name = "ReceivePcapFile";
    tmm_modules[TMM_RECEIVEPCAPFILE].ThreadInit = ReceivePcapFileThreadInit;
    tmm_modules[TMM_RECEIVEPCAPFILE].Func = ReceivePcapFile;
@ -117,14 +119,15 @@ TmEcode ReceivePcapFile(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq)
 }

 TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) {
-
-    char *tmpbpfstring;
+    char *tmpbpfstring = NULL;

    if (initdata == NULL) {
        printf("ReceivePcapFileThreadInit error: initdata == NULL\n");
        return TM_ECODE_FAILED;
    }

+    SCLogInfo("reading pcap file %s", (char *)initdata);
+
    PcapFileThreadVars *ptv = malloc(sizeof(PcapFileThreadVars));
    if (ptv == NULL) {
        return TM_ECODE_FAILED;
@ -135,27 +138,28 @@ TmEcode ReceivePcapFileThreadInit(ThreadVars *tv, void *initdata, void **data) {
    pcap_g.pcap_handle = pcap_open_offline((char *)initdata, errbuf);
    if (pcap_g.pcap_handle == NULL) {
        printf("error %s\n", errbuf);
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    if (ConfGet("bpf-filter", &tmpbpfstring) != 1) {
-        SCLogInfo("could not get bpf or none specified");
+        SCLogDebug("could not get bpf or none specified");
    } else {
-        SCLogInfo("using bpf-filter %s", tmpbpfstring);
+        SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring);

        if(pcap_compile(pcap_g.pcap_handle,&pcap_g.filter,tmpbpfstring,1,0) < 0) {
            SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(pcap_g.pcap_handle));
-            exit(1);
+            return TM_ECODE_FAILED;
        }

        if(pcap_setfilter(pcap_g.pcap_handle,&pcap_g.filter) < 0) {
            SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(pcap_g.pcap_handle));
-            exit(1);
+            return TM_ECODE_FAILED;
        }
    }

    pcap_g.datalink = pcap_datalink(pcap_g.pcap_handle);
-    printf("TmModuleReceivePcapFileRegister: datalink %" PRId32 "\n", pcap_g.datalink);
+    SCLogDebug("datalink %" PRId32 "", pcap_g.datalink);
+
    switch(pcap_g.datalink)	{
        case LINKTYPE_LINUX_SLL:
            pcap_g.Decoder = DecodeSll;
--- a/src/source-pcap.c
+++ b/src/source-pcap.c
@ -186,7 +186,7 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
    ptv->pcap_handle = pcap_create((char *)initdata, errbuf);
    if (ptv->pcap_handle == NULL) {
        printf("error %s\n", pcap_geterr(ptv->pcap_handle));
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    /* set Snaplen, Promisc, and Timeout. Must be called before pcap_activate */
@ -194,21 +194,21 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
    //printf("ReceivePcapThreadInit: pcap_set_snaplen(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_snaplen_r);
    if (pcap_set_snaplen_r != 0) {
        printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    int pcap_set_promisc_r = pcap_set_promisc(ptv->pcap_handle,LIBPCAP_PROMISC);
    //printf("ReceivePcapThreadInit: pcap_set_promisc(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_promisc_r);
    if (pcap_set_promisc_r != 0) {
        printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    int pcap_set_timeout_r = pcap_set_timeout(ptv->pcap_handle,LIBPCAP_COPYWAIT);
    //printf("ReceivePcapThreadInit: pcap_set_timeout(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_timeout_r);
    if (pcap_set_timeout_r != 0) {
        printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    /* activate the handle */
@ -216,23 +216,23 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
    //printf("ReceivePcapThreadInit: pcap_activate(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_activate_r);
    if (pcap_activate_r != 0) {
        printf("ReceivePcapThreadInit: error is %s\n", pcap_geterr(ptv->pcap_handle));
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    /* set bpf filter if we have one */
    if (ConfGet("bpf-filter", &tmpbpfstring) != 1) {
-        SCLogInfo("could not get bpf or none specified");
+        SCLogDebug("could not get bpf or none specified");
    } else {
-        SCLogInfo("using bpf-filter %s", tmpbpfstring);
+        SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring);

        if(pcap_compile(ptv->pcap_handle,&ptv->filter,tmpbpfstring,1,0) < 0) {
            SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(ptv->pcap_handle));
-            exit(1);
+            return TM_ECODE_FAILED;
        }

        if(pcap_setfilter(ptv->pcap_handle,&ptv->filter) < 0) {
            SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(ptv->pcap_handle));
-            exit(1);
+            return TM_ECODE_FAILED;
        }
    }

@ -266,23 +266,23 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, void *initdata, void **data) {
                                        LIBPCAP_PROMISC, LIBPCAP_COPYWAIT, errbuf);
    if (ptv->pcap_handle == NULL) {
        printf("error %s\n", errbuf);
-        exit(1);
+        return TM_ECODE_FAILED;
    }

    /* set bpf filter if we have one */
    if (ConfGet("bpf-filter", &tmpbpfstring) != 1) {
-        SCLogInfo("could not get bpf or none specified");
+        SCLogDebug("could not get bpf or none specified");
    } else {
-        SCLogInfo("using bpf-filter %s", tmpbpfstring);
+        SCLogInfo("using bpf-filter \"%s\"", tmpbpfstring);

        if(pcap_compile(ptv->pcap_handle,&ptv->filter,tmpbpfstring,1,0) < 0) {
            SCLogError(SC_ERR_BPF,"bpf compilation error %s",pcap_geterr(ptv->pcap_handle));
-            exit(1);
+            return TM_ECODE_FAILED;
        }

        if(pcap_setfilter(ptv->pcap_handle,&ptv->filter) < 0) {
            SCLogError(SC_ERR_BPF,"could not set bpf filter %s",pcap_geterr(ptv->pcap_handle));
-            exit(1);
+            return TM_ECODE_FAILED;
        }
    }

--- a/src/suricata.c
+++ b/src/suricata.c
@ -285,6 +285,45 @@ void EngineKill(void) {
    sigflags |= SURICATA_KILL;
 }

+static void SetBpfString(int optind, char *argv[]) {
+    char *bpf_filter = NULL;
+    uint32_t bpf_len = 0;
+    int tmpindex = 0;
+
+    /* attempt to parse remaining args as bpf filter */
+    tmpindex = optind;
+    while(argv[tmpindex] != NULL) {
+        bpf_len+=strlen(argv[tmpindex]) + 1;
+        tmpindex++;
+    }
+
+    if (bpf_len == 0)
+        return;
+
+    bpf_filter = malloc(bpf_len);
+    if (bpf_filter == NULL) {
+        SCLogError(SC_ERR_MEM_ALLOC, "%s", strerror(errno));
+        exit(EXIT_FAILURE);
+    }
+    memset(bpf_filter, 0x00, bpf_len);
+
+    tmpindex = optind;
+    while(argv[tmpindex] != NULL) {
+        strlcat(bpf_filter, argv[tmpindex],bpf_len);
+        if(argv[tmpindex + 1] != NULL) {
+            strlcat(bpf_filter," ", bpf_len);
+        }
+        tmpindex++;
+    }
+
+    if(strlen(bpf_filter) > 0) {
+        if (ConfSet("bpf-filter", bpf_filter, 0) != 1) {
+            fprintf(stderr, "ERROR: Failed to set bpf filter.\n");
+            exit(EXIT_FAILURE);
+        }
+    }
+}
+
 void usage(const char *progname)
 {
    printf("%s %s\n", PROG_NAME, PROG_VER);
@ -323,9 +362,6 @@ int main(int argc, char **argv)
    char *sig_file = NULL;
    char *nfq_id = NULL;
    char *conf_filename = NULL;
-    char *bpf_filter = NULL;
-    uint32_t bpf_len = 0;
-    int tmpindex = 0;
 #ifdef UNITTESTS
    char *regex_arg = NULL;
 #endif
@ -505,30 +541,7 @@ int main(int argc, char **argv)
            exit(EXIT_FAILURE);
        }
    }
-
-    /* attempt to parse remaining args as bpf filter */
-    tmpindex = optind;
-    while(argv[tmpindex] != NULL) {
-        bpf_len+=strlen(argv[tmpindex]) + 1;
-        tmpindex++;
-    }
-    bpf_filter= malloc(bpf_len);
-
-    tmpindex = optind;
-    while(argv[tmpindex] != NULL) {
-        strlcat(bpf_filter, argv[tmpindex],bpf_len);
-        if(argv[tmpindex + 1] != NULL) {
-            strlcat(bpf_filter," ", bpf_len);
-        }
-        tmpindex++;
-    }
-
-    if(strlen(bpf_filter) > 0) {
-        if (ConfSet("bpf-filter", bpf_filter, 0) != 1) {
-            fprintf(stderr, "ERROR: Failed to set bpf filter.\n");
-            exit(EXIT_FAILURE);
-        }
-    }
+    SetBpfString(optind, argv);

    SCLogInfo("This is %s version %s", PROG_NAME, PROG_VER);
    UtilCpuPrintSummary();